KBOM - PowerPoint PPT Presentation

Slides: 36
Provided by: loudfat

Transcript and Presenter's Notes

1
KBOM

2
Aim
  • Develop a series of Success Factors for
    infrastructure security
  • Demonstrate the Success Factors in a Physical
    security analogy
  • Extend the analogy to the Digital world
  • Describe typical faults in infrastructure
    security

3
Good Security - Security Success Factors
  • Multiple layers of protection
  • Defence in depth
  • No direct access to customer data
  • Utilises multiple technologies including
      • Access control
      • Breach detection
      • Auditing or recording key events
  • Should integrate human and mechanised systems
  • What is not specifically required is denied

4
Security systems
  • Testing the key success factors in the real world

5
Good Security - A Physical Analogy
(Diagram: Motion Detector, Guard)
6
Security Success Factors Applied
(Diagram: Use of manual and digital security; Guard)
  • Multiple technologies including
      • Access control
      • Breach detection
      • Auditing
  • Ensures one fault does not put the crown jewels
    at risk
7
E-security systems
  • Relating the digital world to the real world

8
E-security systems
  • A model that works

9
Countermeasures
  Physical              Digital
  Door Lock             Firewall
  Security Camera       Activity Logs
  Movement Sensors      Intrusion Detection
  Security Guard        Security Technician
  Physical Asset        Digital Asset
                        System Logs
10
Security Success Factors Applied
(Diagram: Interface of manual and digital security; Security Console; data)
  • Multiple technologies including
      • Access control
      • Breach detection
      • Auditing
  • Ensures one fault does not put the crown jewels
    at risk
  • Multiple layers of security
      • Buys time to repel the attacker and prevents bert
        endangering the jewels
      • Customer data not in DMZ

11
Common Faults
12
Common Faults - Overall configuration design
(Diagram elements: Internet, Perimeter Firewall, Web Server, Application Server, Internal Firewall, Intranet, Enterprise Systems, Corporate Databases, Customer Data, Internet Databases, Certification Authority, Bank)
Diagram annotations:
  • Encrypted information securely transferring over
    the Internet
  • Further protection of the Intranet
  • Authentication and permissions
  • Merchant securely identified via Certificates
  • Central role of the application server that will
    connect to all data sources
  • SET payment protocol that sends the user's
    details directly to the bank
  • User securely identified via certificates
13
Common Faults - Router
  • Access lists absent, incomplete or applied to the
    wrong interface
  • SNMP open with Community string of Public ...
    (Go on, have a guess)
  • Telnet open - allowing unrestricted terminal
    access to the internet
  • Small services open

And even if the perimeter router isn't yours, WHO
PAYS THE PRICE IF IT IS HACKED?
14
Bad Config - router 1 of 1
    pants# show startup-config
    hostname pants
    enable password cisco
    interface Serial0/0
     ip address 194.117.132.10 255.255.255.252
    interface FastEthernet1/0
     ip address 192.188.144.81 255.255.255.252
    ip route 0.0.0.0 0.0.0.0 194.117.132.9
    ip route 192.193.97.65 255.255.255.255 195.188.144.82
    snmp-server community public RO
    snmp-server community private RW
    line con 0
    line aux 0
    line vty 0 4
     password cisco
     login
    !

15
After
16
After router 1 of 2
    service password-encryption
    no service udp-small-servers
    no service tcp-small-servers
    hostname pants
    enable secret 5 1s1gNTDLK8LhaSdgKlDUpR84OY1
    enable password notused
    !
    interface Serial0/0
     ip address 192.117.132.10 255.255.255.8
     ip access-group 102 in
    !
    interface FastEthernet1/0
     ip address 195.188.144.81 255.255.255.0
     ! ip access-group 103 in

17
After router 1 of 2
    ! Management controls
    access-list 1 permit 193.193.97.65
    access-list 1 permit 193.193.116.0 0.0.0.255
    !
    ! Spoof rfc 1918 filter
    access-list 102 deny ip 195.188.144.0 0.0.0.255 any
    access-list 102 deny ip 10.0.0.0 0.255.255.255 any
    !
    ! Traffic filter
    access-list 102 permit tcp any host 195.188.144.68 eq www
    access-list 102 permit tcp any host 195.188.144.66 eq smtp
    access-list 102 permit ip any host 195.188.144.66
    !
    ! Egress rules
    access-list 103 permit ip 195.188.144.0 0.0.0.255 any
    access-list 103 deny ip any any

18
    snmp-server community x1xx RO 1
    snmp-server community x1xx RW 1
    line con 0
     password GMxQttt98
     login
    line aux 0
    line vty 0 4
     access-class 1 in
     password Tmtttts
     login

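To see how the spoof filter and the traffic filter on the After router slides interact under IOS first-match evaluation, here is an added Python model of access-list 102 (example code written for this page, not from the presentation; the wildcard-mask handling and the sample packets are assumptions). It also shows what the final "permit ip any host 195.188.144.66" line admits as written.

```python
import ipaddress

# Constructed sample: inbound access-list 102 as it appears on the "After router" slide.
ACL_102 = """\
access-list 102 deny ip 195.188.144.0 0.0.0.255 any
access-list 102 deny ip 10.0.0.0 0.255.255.255 any
access-list 102 permit tcp any host 195.188.144.68 eq www
access-list 102 permit tcp any host 195.188.144.66 eq smtp
access-list 102 permit ip any host 195.188.144.66
"""

PORT_NAMES = {"www": 80, "smtp": 25, "telnet": 23}

def parse_addr(tokens):
    """Consume one IOS address spec ('any', 'host A', or 'A WILDCARD'); return (network, rest)."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    # IOS wildcard masks are inverted netmasks (0.0.0.255 -> /24)
    wildcard = int(ipaddress.ip_address(tokens[1]))
    netmask = ipaddress.ip_address(~wildcard & 0xFFFFFFFF)
    return ipaddress.ip_network(f"{tokens[0]}/{netmask}", strict=False), tokens[2:]

def parse_rule(line):
    """access-list <n> <permit|deny> <proto> <src> <dst> [eq <port>] -> tuple."""
    t = line.split()
    action, proto = t[2], t[3]
    src, rest = parse_addr(t[4:])
    dst, rest = parse_addr(rest)
    port = None
    if rest[:1] == ["eq"]:
        port = PORT_NAMES.get(rest[1]) or int(rest[1])
    return action, proto, src, dst, port

def evaluate(acl_text, proto, src_ip, dst_ip, dst_port=None):
    """First-match evaluation; IOS ends every ACL with an implicit 'deny ip any any'."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for line in acl_text.splitlines():
        action, rproto, src, dst, port = parse_rule(line)
        if rproto != "ip" and rproto != proto:
            continue
        if s not in src or d not in dst:
            continue
        if port is not None and port != dst_port:
            continue
        return action, line
    return "deny", "implicit deny ip any any"
```

A packet arriving on Serial0/0 with a source inside 195.188.144.0/24 is dropped by the spoof rule before any permit is considered, which is why the spoof filter must come first.
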
19
Common Faults - Firewalls
  • No anti-spoofing
  • Default passwords, rules or config
  • Unused services
  • Rules confused and undocumented
  • No consideration given to error logging or the
    return connection (which can stop many hacks!!!)
  • Changes to the configuration not logged
  • No reporting of authorisation failures

20
Before Pix 1 of 3
    nameif ethernet0 outside security0
    nameif ethernet1 inside security100
    hostname firewall
    fixup protocol ftp 21
    fixup protocol http 80
    fixup protocol smtp 25
    fixup protocol h323 1720
    fixup protocol sqlnet 1521
    names
    pager lines 24
    no logging console
    no logging monitor
    no logging buffered errors
    no logging trap
    logging facility 20

21
Before Pix 2 of 3
    interface ethernet0 auto
    interface ethernet1 auto
    ip address outside 11.73.2.222 255.255.255.0
    ip address inside 11.73.7.251 255.255.255.0
    nat (inside) 0 0.0.0.0 0.0.0.0 0 0
    static (inside,outside) 11.73.1.2 161.73.1.2 netmask 255.255.255.255 0 0
    static (inside,outside) 11.73.1.1 161.73.1.1 netmask 255.255.255.255 0 0
    conduit permit tcp host 11.73.1.1 eq smtp any
    conduit permit tcp host 11.73.1.2 eq www any
    conduit permit tcp host 11.73.1.2 eq telnet any

22
Before Pix 3 of 3
    apply (inside) 11 outgoing_src
    rip outside passive
    rip outside default
    rip inside passive
    rip inside default
    route outside 0.0.0.0 0.0.0.0 161.73.2.234 1
    no snmp-server location
    no snmp-server contact
    snmp-server community public
    no snmp-server enable traps
    telnet 11.73.140.99 255.255.255.255
    telnet timeout 5
    floodguard 1
    Cryptochecksum:8c7bc2b51a5bd78305c83a14f13e9c7b

23
After
24
After Pix 1 of 3
    nameif ethernet0 outside security0
    nameif ethernet1 inside security100
    hostname firewall
    no fixup protocol ftp 21
    fixup protocol http 80
    fixup protocol smtp 25
    no fixup protocol h323 1720
    no fixup protocol sqlnet 1521
    names
    pager lines 24
    no logging console
    logging host 192.2.2.1
    logging trap 3
    logging facility 20

25
After Pix 2 of 3
    interface ethernet0 auto
    interface ethernet1 auto
    ip address outside 11.73.2.222 255.255.255.0
    ip address inside 11.73.7.251 255.255.255.0
    nat (inside) 0 0.0.0.0 0.0.0.0 0 0
    static (inside,outside) 11.73.1.2 161.73.1.2 netmask 255.255.255.255 0 0
    static (inside,outside) 161.73.1.1 161.73.1.1 netmask 255.255.255.255 0 0
    conduit permit tcp host 11.73.1.1 eq smtp any
    conduit permit tcp host 11.73.1.2 eq www any
    conduit permit tcp host 11.73.1.2 eq telnet any
    outbound 11 permit 11.73.0.0 255.255.0.0 smtp tcp
    outbound 11 deny 11.73.0.0 255.255.0.0 www tcp
    apply (inside) 11 outgoing_src

26
After Pix 3 of 3
    rip outside passive
    rip outside default
    rip inside passive
    rip inside default
    route outside 0.0.0.0 0.0.0.0 161.73.2.234 1
    no snmp-server location
    no snmp-server contact
    no snmp-server community public
    no snmp-server enable traps
    telnet 11.73.140.99 255.255.255.255
    telnet timeout 5
    floodguard 1
    Cryptochecksum:8c7bc2b51a5bd78305c83a14f13e9c7b

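The firewall faults on slide 19 can be checked mechanically against the Before and After PIX slides above. This is an added Python audit written for this page, not part of the presentation; the sample configs are trimmed copies of the slide lines, and the set of fixups treated as "needed" is an assumption. Run on both samples it reports every fault in the Before config and shows which line of the After config still matches a check as written.

```python
import re

# Constructed samples: the "Before" and "After" PIX lines from the slides above, trimmed to what the checks read.
PIX_BEFORE = """\
fixup protocol ftp 21
fixup protocol smtp 25
fixup protocol h323 1720
fixup protocol sqlnet 1521
no logging trap
conduit permit tcp host 11.73.1.2 eq telnet any
apply (inside) 11 outgoing_src
snmp-server community public
"""

PIX_AFTER = """\
no fixup protocol ftp 21
fixup protocol smtp 25
no fixup protocol h323 1720
no fixup protocol sqlnet 1521
logging host 192.2.2.1
logging trap 3
conduit permit tcp host 11.73.1.2 eq telnet any
outbound 11 permit 11.73.0.0 255.255.0.0 smtp tcp
apply (inside) 11 outgoing_src
no snmp-server community public
"""

# Assumption: only the published services need a fixup; any other fixup is an unused service.
NEEDED_FIXUPS = {"http", "smtp"}

def audit_pix(config):
    """Return (check, evidence) pairs for the faults listed on the 'Common Faults - Firewalls' slide."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    findings = []
    for l in lines:
        if re.match(r"snmp-server community (public|private)\b", l):
            findings.append(("default SNMP community", l))
        m = re.match(r"fixup protocol (\S+)", l)
        if m and m.group(1) not in NEEDED_FIXUPS:
            findings.append(("fixup enabled for unused service", l))
        if re.match(r"conduit permit \S+ host \S+ eq telnet any$", l):
            findings.append(("telnet reachable from any source", l))
        m = re.match(r"apply \S+ (\d+) ", l)
        if m and not any(x.startswith(f"outbound {m.group(1)} ") for x in lines):
            findings.append(("apply references an outbound list with no rules", l))
    # Logging only helps if it leaves the box: a syslog host and trap logging are both needed.
    if "no logging trap" in lines or not any(l.startswith("logging host ") for l in lines):
        findings.append(("no syslog forwarding", "logging host / logging trap"))
    return findings
```
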
27
Firewall 1 - before
28
(No Transcript)
29
Firewall 1 - After
30
(No Transcript)
31
Common Faults - Web Server
  • Whoops - SSL is not enabled
  • Critical data in the DMZ: classic example of
    pointless multiple layers
  • Default CGI scripts or administration servlets
    only protected by simple (default!!) passwords
  • Developer SDK and documentation available
  • Operating systems not properly hardened and
    configured

32
Common Faults - Applications
  • Confidential screens and information (perhaps
    passwords) unencrypted in URLs or in cookies
  • Passwords used for high-value transactions
  • Application authorization that should work (as
    long as you don't try it)
  • No proper application logging or alerting, making
    fraud easy

33
Common Faults - IDS
  • Focusing on known attacks rather than anomalous
    traffic
  • Not updating it regularly
      • Attacks emerge every day
  • Encryption
      • Encryption is our friend, but if you install a
        network-based IDS to monitor encrypted traffic,
        what is it?
  • Putting them in the wrong place
      • You don't put a motion detector outside your
        house

34
KBOM

35
(No Transcript)